revision for PRO-2015-661R02 alignment

a63a01c2 · Wolfgang Granzow · 4c2aef35 · a63a01c2
Commit a63a01c2 authored 10 years ago by Wolfgang Granzow
--- a/CDT-accessControlPolicy-v0_8_0.xsd
+++ b/CDT-accessControlPolicy-v0_8_0.xsd
@@ -22,8 +22,10 @@ ANY CLAIM, AND IN NO EVENT SHALL oneM2M BE LIABLE FOR LOST PROFITS OR OTHER INCI
 oneM2M EXPRESSLY ADVISES ANY AND ALL USE OF OR RELIANCE UPON THIS INFORMATION PROVIDED IN THIS DOCUMENT IS AT THE RISK OF THE USER.
 -->
-<xs:schema xmlns="http://www.w3.org/2001/XMLSchema" targetNamespace="http://www.onem2m.org/xml/protocols"
+<xs:schema xmlns="http://www.w3.org/2001/XMLSchema"
-	xmlns:m2m="http://www.onem2m.org/xml/protocols" xmlns:xs="http://www.w3.org/2001/XMLSchema" elementFormDefault="unqualified">
+	targetNamespace="http://www.onem2m.org/xml/protocols"
+	xmlns:m2m="http://www.onem2m.org/xml/protocols" xmlns:xs="http://www.w3.org/2001/XMLSchema"
+	elementFormDefault="unqualified">
 	<xs:include schemaLocation="CDT-commonTypes-v0_8_0.xsd"/>
 	<xs:include schemaLocation="CDT-subscription-v0_8_0.xsd"/>
@@ -35,12 +37,13 @@ oneM2M EXPRESSLY ADVISES ANY AND ALL USE OF OR RELIANCE UPON THIS INFORMATION PR
 				<xs:extension base="m2m:announceableSubordinateResource">
 					<xs:sequence>
 						<!-- Resource Specific Attributes -->
-						<xs:element name="privileges" type="m2m:privileges" />
+						<xs:element name="privileges" type="m2m:setOfAcrs"/>
-						<xs:element name="selfPrivileges" type="m2m:selfPrivileges" />
+						<xs:element name="selfPrivileges" type="m2m:setOfAcrs"/>
 						<!-- Child Resources -->
 						<xs:choice minOccurs="0" maxOccurs="1">
-							<xs:element name="childResource" type="m2m:childResourceRef" maxOccurs="unbounded" />
+							<xs:element name="childResource" type="m2m:childResourceRef"
+								maxOccurs="unbounded"/>
 							<xs:element ref="m2m:subscription" maxOccurs="unbounded"/>
 						</xs:choice>
 					</xs:sequence>
@@ -56,12 +59,13 @@ oneM2M EXPRESSLY ADVISES ANY AND ALL USE OF OR RELIANCE UPON THIS INFORMATION PR
 				<xs:extension base="m2m:announcedSubordinateResource">
 					<xs:sequence>
 						<!-- Resource Specific Attributes -->
-						<xs:element name="privileges" type="m2m:privileges" />
+						<xs:element name="privileges" type="m2m:setOfAcrs"/>
-						<xs:element name="selfPrivileges" type="m2m:selfPrivileges" />
+						<xs:element name="selfPrivileges" type="m2m:setOfAcrs"/>
 						<!-- Child Resources -->
 						<xs:choice minOccurs="0" maxOccurs="1">
-							<xs:element name="childResource" type="m2m:childResourceRef" maxOccurs="unbounded" />
+							<xs:element name="childResource" type="m2m:childResourceRef"
+								maxOccurs="unbounded"/>
 							<xs:element ref="m2m:subscription" maxOccurs="unbounded"/>
 						</xs:choice>
 					</xs:sequence>
@@ -70,83 +74,300 @@ oneM2M EXPRESSLY ADVISES ANY AND ALL USE OF OR RELIANCE UPON THIS INFORMATION PR
 		</xs:complexType>
 	</xs:element>
-	<!-- TODO: Questions 1. Do we need to give all these types explicit names? 2. Should some or all of these go into CDT-Common 
+	<!-- TODO: 1) final decision: Should some or all of the data types defined below go into CDT-Common Types 
-		Types or CDT-Enumerations? -->
+		          (and "m2m:accessControlOperations" into CDT-Enumerations) ? 
+	           2) define short names for "setOfAcrs" and all its elements names (CR to TS-0004 for next PRO WG meeting)   -->
-	<xs:complexType name="privileges">
+	<xs:complexType name="setOfAcrs">
 		<xs:sequence>
-			<xs:element name="accessControlRule" type="m2m:accessControlRule" minOccurs="0" maxOccurs="unbounded" />
+			<xs:element name="accessControlRule" type="m2m:accessControlRule" minOccurs="0"
+				maxOccurs="unbounded"/>
 		</xs:sequence>
 	</xs:complexType>
-	<xs:complexType name="selfPrivileges">
-		<xs:sequence>
-			<xs:element name="accessControlRule" type="m2m:accessControlRule" maxOccurs="unbounded" />
-		</xs:sequence>
-	</xs:complexType>
-    <!-- TODO: Update TS0004 to match this (needs CR) -->
 	<xs:complexType name="accessControlRule">
 		<xs:sequence>
 			<xs:element name="accessControlOriginators" type="m2m:listOfURIs"/>
-			<xs:element name="accessControlOperations" type="m2m:accessControlOperationList" />
-			<xs:element name="accessControlContexts" type="m2m:accessControlContexts" minOccurs="0" />
-		</xs:sequence>
-	</xs:complexType>
-	<xs:complexType name="accessControlOperationList">
+			<!-- accessControlOperations defined as enumerated list 1 ... 63           -->
-		<xs:sequence>
+			<xs:element name="accessControlOperations" type="m2m:accessControlOperations"/>
-			<xs:element name="accessControlOperation" type="m2m:accessControlOperation" minOccurs="1" maxOccurs="unbounded" />
-		</xs:sequence>
-	</xs:complexType>
-	<xs:complexType name="accessControlContexts">
+			<!--  TODO:  mismatch between TS-0004 and TS-0003:    
+				         TS-0003 defines that "accessControlContexts" is comprised of multiple "context sets", where  
+				         each such context set is comprised of 3 parts (setOfTimeWindows, setOfIPAddresses, setOflocationRegions)
+				         Two options to resolve this mismatch:
+				         1) allow "accessControlContexts" element multiplicity 0 .. n in Table 6.3.4.27-1 of TS-0004
+				         2) define "accessControlContexts" as of type "m2m:context" which has multiplicity 1 .. n 
+				         Below option 1) is implemented:                                                             -->
+			<xs:element name="accessControlContexts" minOccurs="0" maxOccurs="unbounded">
+				<xs:complexType>
 					<xs:sequence>
-			<xs:element name="accessControlWindows" type="m2m:accessControlWindows" minOccurs="0" maxOccurs="unbounded" />
-			<xs:element name="accessControlIpAddresses" type="m2m:accessControlIpAddresses" minOccurs="0" maxOccurs="unbounded" />
-			<xs:element name="accessControlLocationRegions" type="m2m:accessControlLocationRegions" minOccurs="0"
-				maxOccurs="unbounded" />
-		</xs:sequence>
-	</xs:complexType>
-	<xs:complexType name="accessControlWindows">
+						<!-- TODO:  mismatch with TS-0003: 
+							  element is called "accessControlTimeWindow" in TS-0001 and and TS-0004,
+						                         but "accessControlTimeWindows" in TS-0003                           -->
+						<xs:element name="accessControlWindow" type="m2m:scheduleEntry" minOccurs="0" maxOccurs="unbounded" />
+						<!--  TODO:  mismatch with TS-0001: element is called accessControlIpAddress in TS-0001 
+						             It is also called "accessControlIpAddresses" in TS-0003      -->
+						<xs:element name="accessControlIpAddresses" minOccurs="0">
+							<xs:complexType>
 								<xs:sequence>
-			<xs:element name="accessControlWindow" type="xs:string" minOccurs="0" maxOccurs="unbounded" />
+									<!--  TODO:  it should be possible to include both IPv6 and IPv4 address. 
+										         Present text in TS-0004 is ambiguous. Not clear if "or" in TS-0001 is inclusive or exclusive 
+									             Below it is interpreted as inclusive.                          -->
+									<xs:element name="listOfIPv4" type="m2m:listOfIPv4" minOccurs="0" maxOccurs="1"/>
+									<xs:element name="listOfIPv6" type="m2m:listOfIPv6" minOccurs="0" maxOccurs="1"/>
 								</xs:sequence>
 							</xs:complexType>
+						</xs:element>
+						<!--  TODO:  mismatch with TS-0001: element is called accessControlLocationRegion in TS-0001 
+						             It is also called "accessControlLocationRegions" in TS-0003  and TS-0004-->
+						<xs:element name="accessControlLocationRegions" type="m2m:locationRegion" minOccurs="0" maxOccurs="unbounded" />
-	<xs:complexType name="accessControlIpAddresses">
-		<xs:sequence>
-			<xs:element name="accessControlIpAddress" type="xs:anyURI" minOccurs="0" maxOccurs="unbounded" />
 				    </xs:sequence>
 				</xs:complexType>
+			</xs:element>
-	<xs:complexType name="accessControlLocationRegions">
-		<xs:sequence>
-			<xs:element name="accessControlLocationRegion" type="m2m:accessControlLocationRegion" minOccurs="0"
-				maxOccurs="unbounded" />
 		</xs:sequence>
 	</xs:complexType>
-	<xs:complexType name="accessControlLocationRegion">
+	<xs:complexType name="locationRegion" >
+		<xs:choice>
+			<xs:element name="countryCode" type="m2m:listofCCs"/>
 			<xs:sequence>
-			<xs:element name="latitude" type="xs:float" minOccurs="0" />
+				<xs:element name="circRegion" minOccurs="0">
-			<xs:element name="longitude" type="xs:float" minOccurs="0" />
-			<xs:element name="radius" type="xs:float" minOccurs="0" />
+					<!-- "circularRegion" is an ordered list of following three parameters of data type float ´
-			<xs:element name="countryCode" type="m2m:countryCode" minOccurs="0" />
+		 										 1) longitude in the range +/-180 degrees  
+		 										 2) latitude in the range +/-90 degrees, 
+		  										 3) radius in meters      -->
+					<xs:simpleType>
+						<xs:restriction>
+							<xs:simpleType>
+								<xs:list itemType="xs:float"/>
+							</xs:simpleType>
+							<xs:minLength value="3"/>
+							<xs:maxLength value="3"/>
+						</xs:restriction>
+					</xs:simpleType>
+				</xs:element>
 			</xs:sequence>
+		</xs:choice>
 	</xs:complexType>
+	<!-- "listOfIPv4" is a space separated list of IPv4 addresses -->
+	<xs:simpleType name="listOfIPv4">
+		<xs:list itemType="m2m:ipv4"/>
+	</xs:simpleType>
-	<!-- TODO: check if a CR to TS-0004 or TS-0003 is needed -->
+	<!-- "listOfIPv6" is a space separated list of IPv6 addresses -->
+	<xs:simpleType name="listOfIPv6">
+		<xs:list itemType="m2m:ipv6"/>
+	</xs:simpleType>
+	<!-- countryCode as defined in TS-0004 -->
 	<xs:simpleType name="countryCode">
 		<xs:annotation>
 			<xs:documentation>2-character country code as defined by ISO-3166</xs:documentation>
 		</xs:annotation>
 		<xs:restriction base="xs:string">
-			<xs:pattern value="[A-Z]{2}"></xs:pattern>
+			<xs:pattern value="[A-Z]{2}"/>
+		</xs:restriction>
+	</xs:simpleType>
+	<!-- "listOfCCs" is a space separated list of 2-digit country codes-->
+	<xs:simpleType name="listofCCs">
+		<xs:list itemType="m2m:countryCode"/>
+	</xs:simpleType>
+	<!-- Initial IPv4 and IPv6 address representation types were found here:
+     http://lists.w3.org/Archives/Public/www-xml-schema-comments/2005OctDec/0138.html, CIDR suffix has been added  -->
+	<!--  TODO: Need to add more descriptive text into TS-0004 about structure of IPv4 and IPv6 addresses with optional CIDR suffix -->
+	<xs:simpleType name="ipv4">
+		<xs:annotation>
+			<xs:documentation> An IP version 4 address, with optional CIDR suffix in the range /0
+				... /32. </xs:documentation>
+		</xs:annotation>
+		<xs:restriction base="xs:token">
+			<xs:pattern
+				value="(25[0-5]|2[0-4][0-9]|[0-1]?[0-9]?[0-9])\.(25[0-5]|2[0-4][0-9]|[0-1]?[0-9]?[0-9])\.(25[0-5]|2[0-4][0-9]|[0-1]?[0-9]?[0-9])\.(25[0-5]|2[0-4][0-9]|[0-1]?[0-9]?[0-9])(/([0-9]|[1-2][0-9]|3[0-2]))?"/>
+			<xs:pattern value="[0-9A-Fa-f]{8}(/([0-9]|[1-2][0-9]|3[0-2]))?"/>
 		</xs:restriction>
 	</xs:simpleType>
+	<xs:simpleType name="ipv6">
+		<xs:annotation>
+			<xs:documentation> An IP version 6 address, based on RFC 1884, with optional CIDR suffix
+				in the range /0 ... /128. </xs:documentation>
+		</xs:annotation>
+		<xs:restriction base="xs:token">
+			<!-- Fully specified address -->
+			<xs:pattern
+				value="[0-9A-Fa-f]{1,4}(:[0-9A-Fa-f]{1,4}){7}(/([0-9]|[1-9][0-9]|1[0-1][0-9]|12[0-8]))?"/>
+			<!-- Double colon start -->
+			<xs:pattern value=":(:[0-9A-Fa-f]{1,4}){1,7}"/>
+			<!-- Double colon middle -->
+			<xs:pattern
+				value="([0-9A-Fa-f]{1,4}:){1,6}(:[0-9A-Fa-f]{1,4}){1}(/([0-9]|[1-9][0-9]|1[0-1][0-9]|12[0-8]))?"/>
+			<xs:pattern
+				value="([0-9A-Fa-f]{1,4}:){1,5}(:[0-9A-Fa-f]{1,4}){1,2}(/([0-9]|[1-9][0-9]|1[0-1][0-9]|12[0-8]))?"/>
+			<xs:pattern
+				value="([0-9A-Fa-f]{1,4}:){1,4}(:[0-9A-Fa-f]{1,4}){1,3}(/([0-9]|[1-9][0-9]|1[0-1][0-9]|12[0-8]))?"/>
+			<xs:pattern
+				value="([0-9A-Fa-f]{1,4}:){1,3}(:[0-9A-Fa-f]{1,4}){1,4}(/([0-9]|[1-9][0-9]|1[0-1][0-9]|12[0-8]))?"/>
+			<xs:pattern
+				value="([0-9A-Fa-f]{1,4}:){1,2}(:[0-9A-Fa-f]{1,4}){1,5}(/([0-9]|[1-9][0-9]|1[0-1][0-9]|12[0-8]))?"/>
+			<xs:pattern
+				value="([0-9A-Fa-f]{1,4}:){1}(:[0-9A-Fa-f]{1,4}){1,6}(/([0-9]|[1-9][0-9]|1[0-1][0-9]|12[0-8]))?"/>
+			<!-- Double colon end -->
+			<xs:pattern value="([0-9A-Fa-f]{1,4}:){1,7}:(/([0-9]|[1-9][0-9]|1[0-1][0-9]|12[0-8]))?"/>
+			<!-- Embedded IPv4 addresses without CIDR suffix. Should IPv4 CIDR suffix be added?-->
+			<xs:pattern
+				value="((:(:0{1,4}){0,3}(:(0{1,4}|[fF]{4}))?)|(0{1,4}:(:0{1,4}){0,2}(:(0{1,4}|[fF]{4}))?)|((0{1,4}:){2}(:0{1,4})?(:(0{1,4}|[fF]{4}))?)|((0{1,4}:){3}(:(0{1,4}|[fF]{4}))?)|((0{1,4}:){4}(0{1,4}|[fF]{4})?)):(25[0-5]|2[0-4][0-9]|[0-1]?[0-9]?[0-9])\.(25[0-5]|2[0-4][0-9]|[0-1]?[0-9]?[0-9])\.(25[0-5]|2[0-4][0-9]|[0-1]?[0-9]?[0-9])\.(25[0-5]|2[0-4][0-9]|[0-1]?[0-9]?[0-9])"/>
+			<!-- The unspecified address -->
+			<xs:pattern value="::(/0)?"/>
+		</xs:restriction>
+	</xs:simpleType>
+	<!-- access control operations -->
+	<xs:simpleType name="accessControlOperations">
+		<xs:annotation>
+			<xs:documentation>Shall be considered for access control policy check by the
+				CSE</xs:documentation>
+		</xs:annotation>
+		<xs:restriction base="xs:integer">
+			<!-- Create -->
+			<xs:enumeration value="1"/>
+			<!-- Retrieve -->
+			<xs:enumeration value="2"/>
+			<!-- Create + Retrieve -->
+			<xs:enumeration value="3"/>
+			<!-- Update -->
+			<xs:enumeration value="4"/>
+			<!-- Create + Update -->
+			<xs:enumeration value="5"/>
+			<!-- Retrieve + Update -->
+			<xs:enumeration value="6"/>
+			<!-- Create + Retrieve + Update -->
+			<xs:enumeration value="7"/>
+			<!-- Delete -->
+			<xs:enumeration value="8"/>
+			<!-- Create + Delete -->
+			<xs:enumeration value="9"/>
+			<!-- Retrieve + Delete -->
+			<xs:enumeration value="10"/>
+			<!-- Create + Retrieve + Delete -->
+			<xs:enumeration value="11"/>
+			<!-- Update + Delete -->
+			<xs:enumeration value="12"/>
+			<!-- Create + Update + Delete -->
+			<xs:enumeration value="13"/>
+			<!-- Retrieve + Update + Delete -->
+			<xs:enumeration value="14"/>
+			<!-- Create + Retrieve + Update + Delete -->
+			<xs:enumeration value="15"/>
+			<!-- Notify -->
+			<xs:enumeration value="16"/>
+			<!-- Create + Notify -->
+			<xs:enumeration value="17"/>
+			<!-- Retrieve + Notify -->
+			<xs:enumeration value="18"/>
+			<!-- Create + Retrieve + Notify -->
+			<xs:enumeration value="19"/>
+			<!-- Update + Notify -->
+			<xs:enumeration value="20"/>
+			<!-- Create + Update + Notify -->
+			<xs:enumeration value="21"/>
+			<!-- Retrieve + Update + Notify -->
+			<xs:enumeration value="22"/>
+			<!-- Create + Retrieve + Update -->
+			<xs:enumeration value="23"/>
+			<!-- Delete + Notify -->
+			<xs:enumeration value="24"/>
+			<!-- Create + Delete + Notify -->
+			<xs:enumeration value="25"/>
+			<!-- Retrieve + Delete + Notify -->
+			<xs:enumeration value="26"/>
+			<!-- Create + Retrieve + Delete + Notify -->
+			<xs:enumeration value="27"/>
+			<!-- Update + Delete + Notify -->
+			<xs:enumeration value="28"/>
+			<!-- Create + Update + Delete + Notify -->
+			<xs:enumeration value="29"/>
+			<!-- Retrieve + Update + Delete + Notify -->
+			<xs:enumeration value="30"/>
+			<!-- Create + Retrieve + Update + Delete + Notify -->
+			<xs:enumeration value="31"/>
+			<!-- Discover -->
+			<xs:enumeration value="32"/>
+			<!-- Create + Discover -->
+			<xs:enumeration value="33"/>
+			<!-- Retrieve + Discover -->
+			<xs:enumeration value="34"/>
+			<!-- Create + Retrieve + Discover -->
+			<xs:enumeration value="35"/>
+			<!-- Update + Discover -->
+			<xs:enumeration value="36"/>
+			<!-- Create + Update + Discover -->
+			<xs:enumeration value="37"/>
+			<!-- Retrieve + Update + Discover -->
+			<xs:enumeration value="38"/>
+			<!-- Create + Retrieve + Update + Discover -->
+			<xs:enumeration value="39"/>
+			<!-- Delete + Discover -->
+			<xs:enumeration value="40"/>
+			<!-- Create + Delete + Discover -->
+			<xs:enumeration value="41"/>
+			<!-- Retrieve + Delete + Discover -->
+			<xs:enumeration value="42"/>
+			<!-- Create + Retrieve + Delete + Discover -->
+			<xs:enumeration value="43"/>
+			<!-- Update + Delete + Discover -->
+			<xs:enumeration value="44"/>
+			<!-- Create + Update + Delete + Discover -->
+			<xs:enumeration value="45"/>
+			<!-- Retrieve + Update + Delete + Discover -->
+			<xs:enumeration value="46"/>
+			<!-- Create + Retrieve + Update + Delete + Discover -->
+			<xs:enumeration value="47"/>
+			<!-- Notify + Discover -->
+			<xs:enumeration value="48"/>
+			<!-- Create + Notify + Discover -->
+			<xs:enumeration value="49"/>
+			<!-- Retrieve + Notify + Discover -->
+			<xs:enumeration value="50"/>
+			<!-- Create + Retrieve + Notify + Discover -->
+			<xs:enumeration value="51"/>
+			<!-- Update + Notify + Discover -->
+			<xs:enumeration value="52"/>
+			<!-- Create + Update + Notify + Discover -->
+			<xs:enumeration value="53"/>
+			<!-- Retrieve + Update + Notify + Discover -->
+			<xs:enumeration value="54"/>
+			<!-- Create + Retrieve + Update + Discover -->
+			<xs:enumeration value="55"/>
+			<!-- Delete + Notify + Discover -->
+			<xs:enumeration value="56"/>
+			<!-- Create + Delete + Notify + Discover -->
+			<xs:enumeration value="57"/>
+			<!-- Retrieve + Delete + Notify + Discover -->
+			<xs:enumeration value="58"/>
+			<!-- Create + Retrieve + Delete + Notify + Discover -->
+			<xs:enumeration value="59"/>
+			<!-- Update + Delete + Notify + Discover -->
+			<xs:enumeration value="60"/>
+			<!-- Create + Update + Delete + Notify + Discover -->
+			<xs:enumeration value="61"/>
+			<!-- Retrieve + Update + Delete + Notify + Discover -->
+			<xs:enumeration value="62"/>
+			<!-- Create + Retrieve + Update + Delete + Notify + Discover -->
+			<xs:enumeration value="63"/>
+		</xs:restriction>
+	</xs:simpleType>
 </xs:schema>